|
219791
|
5.4 |
MEDIUM
Network
|
hcltech
|
marketing_campaign
|
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2019-4091
|
2024-11-21 13:43 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219792
|
5.4 |
MEDIUM
Network
|
hcltech
|
marketing_campaign
|
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
|
CWE-79
Cross-site Scripting
|
CVE-2019-4090
|
2024-11-21 13:43 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219793
|
7.8 |
HIGH
Local
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
|
CWE-384
Session Fixation
|
CVE-2019-4591
|
2024-11-21 13:43 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219794
|
6.1 |
MEDIUM
Network
|
hcltech
|
appscan
|
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
|
CWE-79
Cross-site Scripting
|
CVE-2019-4324
|
2024-11-21 13:43 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219795
|
4.3 |
MEDIUM
Network
|
hcltech
|
appscan
|
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-4323
|
2024-11-21 13:43 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219796
|
7.8 |
HIGH
Local
|
ibm
|
security_identity_manager_virtual_appliance
|
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-4676
|
2024-11-21 13:43 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219797
|
6.3 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform…
|
CWE-89
SQL Injection
|
CVE-2019-4650
|
2024-11-21 13:43 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219798
|
9.8 |
CRITICAL
Network
|
ibm
|
qradar_network_packet_capture
|
IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accoun…
|
CWE-521
Weak Password Requirements
|
CVE-2019-4576
|
2024-11-21 13:43 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219799
|
6.5 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.
|
NVD-CWE-noinfo
|
CVE-2019-4478
|
2024-11-21 13:43 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219800
|
5.9 |
MEDIUM
Network
|
ibm
|
urbancode_deploy
|
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit th…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-4667
|
2024-11-21 13:43 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
